W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: WebAppSec Credentials Management API FPWD consensus plan

From: Mike West <mkwst@google.com>
Date: Fri, 24 Apr 2015 10:55:18 +0200
Message-ID: <CAKXHy=dLMmrTu-e-8sgPfb=iHdZEXVqywaH7H0carHV6Wg2+Xw@mail.gmail.com>
To: Adrian Hope-Bailie <adrian@hopebailie.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Dave Longley <dlongley@digitalbazaar.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Apr 24, 2015 at 9:42 AM, Adrian Hope-Bailie <adrian@hopebailie.com>

> Personally, I think that the Credentials CG work will result in a
> different API but one that works in parallel with an expanded credentials
> API. i.e. You will have a identities with one or more credentials. You can
> either manage these via the credentials themselves or via the identities.

That worries me. I wouldn't be happy about an outcome where we add
complexity to API to accommodate the needs of various groups, only to see
those groups define their own API. If that's the likely outcome, then I'd
prefer to strip out the complexity we've added, rather than ending up with
an API that doesn't make anyone happy.

I would like to see my pull-request included before the spec goes ahead to
> FPWD. If not then I'd be keen to understand why.

FPWD is important insofar as it kicks off the patent exclusion period for
the broad-strokes contours of the document. It is not important in terms of
the details of the API's spelling/shape. Publishing a FPWD does not mean
that your PR is never going to land ever, muwahaha. In fact, given the new
publication mechanisms, I intend to quite rapidly publish new working
drafts with updates as they land in GitHub.

(Wendy, would you mind creating one of those magical publication tokens
along with the FPWD to enable that new, rapid publication mechanism?)

Received on Friday, 24 April 2015 08:56:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC